Kyle Isom
052d3ed1b8
- internal/ui/ui.go: add PGCred, Tags to AccountDetailData; register
PUT /accounts/{id}/pgcreds and PUT /accounts/{id}/tags routes; add
pgcreds_form.html and tags_editor.html to shared template set; remove
unused AccountTagsData; fix fieldalignment on PolicyRuleView, PoliciesData
- internal/ui/handlers_accounts.go: add handleSetPGCreds — encrypts
password via crypto.SealAESGCM, writes audit EventPGCredUpdated, renders
pgcreds_form fragment; password never echoed; load PG creds and tags in
handleAccountDetail
- internal/ui/handlers_policy.go: fix handleSetAccountTags to render with
AccountDetailData instead of removed AccountTagsData
- internal/ui/ui_test.go: add 5 PG credential UI tests
- web/templates/fragments/pgcreds_form.html: new fragment — metadata display
+ set/replace form; system accounts only; password write-only
- web/templates/fragments/tags_editor.html: new fragment — textarea editor
with HTMX PUT for atomic tag replacement
- web/templates/fragments/policy_form.html: rewrite to use structured fields
matching handleCreatePolicyRule (roles/account_types/actions multi-select,
resource_type, subject_uuid, service_names, required_tags, checkbox)
- web/templates/policies.html: new policies management page
- web/templates/fragments/policy_row.html: new HTMX table row with toggle
and delete
- web/templates/account_detail.html: add Tags card and PG Credentials card
- web/templates/base.html: add Policies nav link
- internal/server/server.go: remove ~220 lines of duplicate tag/policy
handler code (real implementations are in handlers_policy.go)
- internal/policy/engine_wrapper.go: fix corrupted source; use errors.New
- internal/db/policy_test.go: use model.AccountTypeHuman constant
- cmd/mciasctl/main.go: add nolint:gosec to int(os.Stdin.Fd()) calls
- gofmt/goimports: db/policy_test.go, policy/defaults.go,
policy/engine_test.go, ui/ui.go, cmd/mciasctl/main.go
- fieldalignment: model.PolicyRuleRecord, policy.Engine, policy.Rule,
policy.RuleBody, ui.PolicyRuleView
Security: PG password encrypted AES-256-GCM with fresh random nonce before
storage; plaintext never logged or returned in any response; audit event
written on every credential write.
84 lines
2.5 KiB
Go
84 lines
2.5 KiB
Go
package policy
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"sync"
|
|
)
|
|
|
|
// Engine wraps the stateless Evaluate function with an in-memory cache of
|
|
// operator rules loaded from the database. Built-in default rules are always
|
|
// merged in at evaluation time; they do not appear in the cache.
|
|
//
|
|
// The Engine is safe for concurrent use. Call Reload() after any change to the
|
|
// policy_rules table to refresh the cached rule set without restarting.
|
|
type Engine struct {
|
|
rules []Rule
|
|
mu sync.RWMutex
|
|
}
|
|
|
|
// NewEngine creates an Engine with an initially empty operator rule set.
|
|
// Call Reload (or load rules directly) before use in production.
|
|
func NewEngine() *Engine {
|
|
return &Engine{}
|
|
}
|
|
|
|
// SetRules atomically replaces the cached operator rule set.
|
|
// records is a slice of PolicyRuleRecord values (from the database layer).
|
|
// Only enabled records are converted to Rule values.
|
|
//
|
|
// Security: rule_json is decoded into a RuleBody struct before being merged
|
|
// into a Rule. This prevents the database from injecting values into the ID or
|
|
// Description fields that are stored as dedicated columns.
|
|
func (e *Engine) SetRules(records []PolicyRecord) error {
|
|
rules := make([]Rule, 0, len(records))
|
|
for _, rec := range records {
|
|
if !rec.Enabled {
|
|
continue
|
|
}
|
|
var body RuleBody
|
|
if err := json.Unmarshal([]byte(rec.RuleJSON), &body); err != nil {
|
|
return fmt.Errorf("policy: decode rule %d %q: %w", rec.ID, rec.Description, err)
|
|
}
|
|
rules = append(rules, Rule{
|
|
ID: rec.ID,
|
|
Description: rec.Description,
|
|
Priority: rec.Priority,
|
|
Roles: body.Roles,
|
|
AccountTypes: body.AccountTypes,
|
|
SubjectUUID: body.SubjectUUID,
|
|
Actions: body.Actions,
|
|
ResourceType: body.ResourceType,
|
|
OwnerMatchesSubject: body.OwnerMatchesSubject,
|
|
ServiceNames: body.ServiceNames,
|
|
RequiredTags: body.RequiredTags,
|
|
Effect: body.Effect,
|
|
})
|
|
}
|
|
|
|
e.mu.Lock()
|
|
e.rules = rules
|
|
e.mu.Unlock()
|
|
return nil
|
|
}
|
|
|
|
// Evaluate runs the policy engine against the given input using the cached
|
|
// operator rules plus compiled-in defaults.
|
|
func (e *Engine) Evaluate(input PolicyInput) (Effect, *Rule) {
|
|
e.mu.RLock()
|
|
rules := e.rules
|
|
e.mu.RUnlock()
|
|
return Evaluate(input, rules)
|
|
}
|
|
|
|
// PolicyRecord is the minimal interface the Engine needs from the DB layer.
|
|
// Using a local struct avoids importing the db or model packages from policy,
|
|
// which would create a dependency cycle.
|
|
type PolicyRecord struct {
|
|
Description string
|
|
RuleJSON string
|
|
ID int64
|
|
Priority int
|
|
Enabled bool
|
|
}
|